1. Field of the Invention
The present invention generally relates to database query processing and, more particularly, methods and techniques for representing data stored in an underlying physical database.
2. Description of the Related Art
Databases are well known systems for storing, searching, and retrieving information stored in a computer. The most prevalent type of database used today is the relational database, which stores data using a set of tables that may be reorganized and accessed in a number of different ways. Users access information in relational databases using a relational database management system (DBMS).
Databases are often large, complex software applications that require specialized training to use or administer properly. Because of this complexity, database abstraction techniques have been developed that provide an abstraction layer between an underlying physical representation of data (used by the physical database) and an abstraction layer presented to users interacting with the database. For example, commonly assigned U.S. patent application Ser. No. 10/083,075 (the '075 application) entitled “Application Portability and Extensibility through Database Schema and Query Abstraction,” discloses techniques for constructing a data abstraction model over an underlying physical database. The '075 application discloses a data abstraction model constructed using logical fields that map to data stored in the underlying physical database. The definition for each logical field includes an access method specifying a location (i.e., a table and column) in the underlying database from which to retrieve data. Users compose an abstract query by selecting logical fields and specifying conditions.
A database administrator will often wish to control the access granted to users of the database based on physical parameters like tables and columns. This is especially the case when significant effort has already been made in creating a security model for the underlying physical database. Consider, for example, a relational database table used to store test results for medical tests. Given concerns about the privacy of patient medical records, a database administrator is likely to restrict access to data in this table. It would be ideal to reuse the security model for the physical database as a basis for implementing a security model for the data abstraction model. However, no mechanisms are currently available that allow an administrator to easily control access to the logical fields provided by the data abstraction model using these types of underlying physical parameters.
One approach includes exposing a subset of the logical fields created for a data abstraction model. Such a view may include instructions that remove or redefine logical fields in the data abstraction model. With these instructions, any field in the data abstraction model may be removed. In addition, any fields, which depend upon the removed field, will also be removed. Although this strategy works well, it does not remove logical fields from the data abstraction model based on the location from which a particular logical field draws information. For example, if an administrator wanted to remove all logical fields that referenced a specific table, the administrator would have to evaluate the data abstraction model, field by field, to evaluate each data access method. When a logical field was found with a data access method referencing the specific table, the administrator could then remove it from data abstraction model. For a data abstraction model with a substantial number of logical fields, or with multiple data abstraction models, each exposing a different “version” of the underlying physical database, this process may become time consuming and prone to error.
Accordingly, there remains a need for techniques to manage access to data represented using a data abstraction model.